﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Web.Security;
using System.Data;
using qman;

public partial class signin : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    private bool ValidateUser(string userName, string passWord)
    {
        SqlConnection conn;
        SqlCommand cmd;
        string lookupPassword = null;

        // Check for invalid userName.
        // userName must not be null and must be between 1 and 15 characters.
        if ((null == userName) || (0 == userName.Length))
        {
            System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of userName failed.");
            return false;
        }

        // Check for invalid passWord.
        // passWord must not be null and must be between 1 and 25 characters.
        if ((null == passWord) || (0 == passWord.Length))
        {
            System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of passWord failed.");
            return false;
        }

        //try
        {
            // Consult with your SQL Server administrator for an appropriate connection
            // string to use to connect to your local SQL Server.
            conn = new SqlConnection(qman.DataHelp.DataAccess.myConnectionString);
            conn.Open();

            // Create SqlCommand to select pwd field from users table given supplied userName.
            // Check if is a client or a company
            cmd = new SqlCommand("Select pwd from user_accounts where [user]=@userName", conn);
            cmd.Parameters.Add("@userName", SqlDbType.VarChar, 100);
            cmd.Parameters["@userName"].Value = userName;

            // Execute command and fetch pwd field into lookupPassword string.
            lookupPassword = (string)cmd.ExecuteScalar();

            // Cleanup command and connection objects.
            cmd.Dispose();
            conn.Dispose();
        }
        //catch ( Exception ex )
        {
            // Add error handling here for debugging.
            // This error message should not be sent back to the caller.
            //System.Diagnostics.Trace.WriteLine( "[ValidateUser] Exception " + ex.Message );
        }

        // If no password found, return false.
        if (null == lookupPassword)
        {
            // You could write failed login attempts here to event log for additional security.
            return false;
        }

        // Compare lookupPassword and input passWord, using a case-sensitive comparison.
        return (0 == string.Compare(lookupPassword, passWord, false));

    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        if (ValidateUser(txtUserName.Value, txtUserPass.Value))
        {
            FormsAuthentication.RedirectFromLoginPage(txtUserName.Value, chkPersistCookie.Checked);
            this.Session["user"] = this.txtUserName.Value;

            HttpCookie cookUser = new HttpCookie("cookUser");
            cookUser.Value = this.txtUserName.Value;
            cookUser.Expires = DateTime.MaxValue;

            if (this.Request.Cookies["cookUser"] == null) this.Response.Cookies.Add(cookUser);
            else this.Response.Cookies.Set(cookUser);
        }
        else Response.Redirect("login.aspx", true);
    }
}
